Setting up access to company files

14.05.2020


Because of the risk of social engineering, and because many of the losses that companies suffer are linked to their own employees, installing an access control system is a major factor in company security. By restricting user rights, companies can protect their financial and security information from being stolen or modified by outside attackers, by disgruntled current or former employees, and by fraudsters. Experience has shown that the best practice is to give access only to the employees who need it to do their jobs.

There are four main access control models. The first is discretionary access control (DAC), in which the data owner or creator specifies who will have access to the file. It works well with Microsoft’s SharePoint services, where the person who creates the content holds all the power over who may access it. This model is simple and is used in environments that do not require high-level security; it does not distinguish between the types of users authorized to access a file. The model typically used by the military is mandatory access control, in which access is granted based on a particular person’s security clearance.

A popular model in companies and institutions with high staff turnover is role-based access control (RBAC). Here a user is not directly assigned access rights; instead, users are assigned roles, and each role is configured to include access to certain files. It is common for HR representatives to hold the role that covers handling and discussing human resources issues. A role-based access control example is that nobody other than an HR representative, and certainly not the people involved in a workplace incident, will be able to access those files. Likewise, the engineers who make drafts at a machinery factory are the only employees given the right to create and edit the designs of that machinery.
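To make the role model concrete, here is an added example (not code from the original post or from any product it mentions) of a minimal RBAC check in Python. Users are mapped to roles, and only roles carry (resource, action) permissions, so removing a role from a user removes every right it carried. The users, roles and resource names are constructed for illustration.

```python
# Added example (not from the original post): a minimal role-based access
# control check. Users are assigned roles; roles, not users, carry the
# (resource, action) permissions. All names and resources are constructed.

ROLE_PERMISSIONS = {
    "hr_representative": {("hr_case_files", "read"), ("hr_case_files", "write")},
    "design_engineer": {("machinery_designs", "read"), ("machinery_designs", "write")},
    "floor_worker": {("machinery_designs", "read")},
}

USER_ROLES = {
    "alice": {"hr_representative"},
    "bob": {"design_engineer"},
    "carol": {"floor_worker"},
    "dave": set(),  # dismissed employee: roles removed, account kept for the audit trail
}


def permissions_for(user):
    """Union of the permissions of every role the user currently holds."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, resource, action):
    """Authorization decision: the user holds a role granting (resource, action)."""
    return (resource, action) in permissions_for(user)


def users_with_access(resource, action):
    """Support for a user access review: who can currently perform this action?"""
    return sorted(u for u in USER_ROLES if is_allowed(u, resource, action))


def remove_role(user, role):
    """Revoking one role (e.g. from a transferred manager) drops all rights it carried."""
    USER_ROLES.setdefault(user, set()).discard(role)


if __name__ == "__main__":
    print(is_allowed("alice", "hr_case_files", "read"))     # True
    print(is_allowed("bob", "hr_case_files", "read"))       # False
    print(users_with_access("machinery_designs", "write"))  # ['bob']
```

The `users_with_access` helper is the question an access review asks for each sensitive resource; because rights live on roles, the answer changes as soon as a role is removed, without editing per-user lists.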

Another model is rule-based access control (also abbreviated RBAC). This is a dynamic model in which access is granted based on an evaluation of rules at the time of the request: for example, a system may be available only during business hours or only from certain cities around the globe, and rules of this kind are what define the operation of firewalls. Based on such conditions, users are granted or denied access to certain files, which can be laid out in a two-dimensional table called an access control matrix. With efficiency and security as top priorities, a company must conduct a user access review on a regular basis to eliminate risks and to ensure that its employees have all the access rights they need to do their jobs effectively. This is when potentially harmful access can be discovered and removed before it becomes a problem: former managers still holding excess rights, poorly segregated access rights between departments, former employees still able to log in, and passwords that are not changed often enough.
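The following is an added example (not from the original post) showing how the static access control matrix and the dynamic rules fit together in one decision. The matrix says which operations a user may ever perform on a file; the rules (a business-hours window and a set of approved cities) are evaluated per request and can deny access even when the matrix permits it. The users, files, hours and cities are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Added example (not from the original post). Static part: an access control
# matrix with rows = users, columns = files, cells = permitted operations.
# Users and file names are constructed.
ACCESS_MATRIX = {
    "alice": {"payroll.xlsx": {"read", "write"}, "designs/": {"read"}},
    "bob": {"designs/": {"read", "write"}},
}

# Dynamic part: conditions every request must satisfy in addition to the matrix.
BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumed policy window
ALLOWED_CITIES = {"Berlin", "Warsaw"}       # assumed office locations


@dataclass
class Request:
    user: str
    obj: str
    op: str
    when: datetime  # time of the request
    city: str       # where the request originates (e.g. client geolocation)


def matrix_permits(req):
    """Static check: is the operation in the matrix cell for (user, file)?"""
    return req.op in ACCESS_MATRIX.get(req.user, {}).get(req.obj, set())


def within_business_hours(req):
    start, end = BUSINESS_HOURS
    return start <= req.when.time() < end


def from_allowed_city(req):
    return req.city in ALLOWED_CITIES


# Rules are evaluated in order; the first failing rule gives the denial reason.
RULES = [
    ("outside business hours", within_business_hours),
    ("unapproved location", from_allowed_city),
]


def evaluate(req):
    """Return (allowed, reason). Default is deny: a user/file pair that is absent
    from the matrix is refused before any dynamic rule runs."""
    if not matrix_permits(req):
        return False, "not in access control matrix"
    for reason, rule in RULES:
        if not rule(req):
            return False, reason
    return True, "allowed"


if __name__ == "__main__":
    r = Request("alice", "payroll.xlsx", "read", datetime(2020, 5, 14, 10, 0), "Berlin")
    print(evaluate(r))  # (True, 'allowed')
    r.when = datetime(2020, 5, 14, 22, 0)
    print(evaluate(r))  # (False, 'outside business hours')
```

Returning the reason alongside the decision is what makes the log of denials useful during an access review: a user repeatedly denied for "not in access control matrix" may need a right they lack, while one denied for location may be a sign of a misused account.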

Folder System Monitoring with Cloud-Based Access Control

Companies, especially smaller ones, are well advised to control access through a cloud service, since it avoids the extra cost of maintenance and training and the headache of doing this in-house. From the cloud, a popular method of observing user access to important files is file system monitoring. This service reports the rate at which bytes are being transferred and the rate at which operations are being performed, including read and write requests for data.
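As an added example (not from the original post or from any monitoring product), the following Python snippet computes the two figures the paragraph describes, bytes per second and operations per second, from a small file-access audit log. The log format and its five lines are constructed for illustration; a real monitoring service would emit its own format, so only the parsing step would change.

```python
from collections import defaultdict
from datetime import datetime

# Added example (not from the original post). Constructed audit log lines:
# <ISO timestamp> <user> <read|write> <path> <bytes>
SAMPLE_LOG = """\
2020-05-14T09:00:00 alice read /finance/payroll.xlsx 40960
2020-05-14T09:00:01 alice read /finance/payroll.xlsx 40960
2020-05-14T09:00:02 bob write /designs/press.dwg 204800
2020-05-14T09:00:05 bob read /designs/press.dwg 102400
2020-05-14T09:00:09 alice write /finance/payroll.xlsx 8192
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, user, op, path, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, op, path, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), user, op, path, int(nbytes)))
    return events


def transfer_rates(events):
    """Per-user bytes/sec and ops/sec over the window the log covers, plus read
    and write counts. The window is at least one second to avoid division by zero
    when all events share a timestamp."""
    if not events:
        return {}
    start = min(e[0] for e in events)
    end = max(e[0] for e in events)
    window = max((end - start).total_seconds(), 1.0)
    totals = defaultdict(lambda: {"bytes": 0, "ops": 0, "read": 0, "write": 0})
    for _ts, user, op, _path, nbytes in events:
        t = totals[user]
        t["bytes"] += nbytes
        t["ops"] += 1
        t[op] += 1
    return {
        user: {
            "bytes_per_sec": t["bytes"] / window,
            "ops_per_sec": t["ops"] / window,
            "reads": t["read"],
            "writes": t["write"],
        }
        for user, t in totals.items()
    }


def flag_high_transfer(rates, bytes_per_sec_threshold):
    """Users whose transfer rate exceeds a threshold (an assumed policy value)."""
    return sorted(u for u, r in rates.items() if r["bytes_per_sec"] > bytes_per_sec_threshold)


if __name__ == "__main__":
    rates = transfer_rates(parse_log(SAMPLE_LOG))
    for user, r in sorted(rates.items()):
        print(user, r)
    print(flag_high_transfer(rates, 20000))  # ['bob']
```

The threshold is deliberately a parameter rather than a constant: the useful value is whatever is unusual for that user or department, which is exactly the baseline a cloud monitoring service builds up over time.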